PT-2019-9032 · Vivotek · Vivotek Fd8136
Name of the Vulnerable Software and Affected Versions: Vivotek FD8136 devices affected versions not specified Description: The issue is related to a stack-based buffer overflow, which can lead to remote memory corruption and remote code execution. This is connected to the use of sprintf, vlocal...
DEBIAN-CVE-2019-13464
An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...
AZL-44598 CVE-2019-13464 affecting package mod_security_crs 3.0.0-11
An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...
CVE-2019-13464
An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...
Design/Logic Flaw
An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...
PT-2019-13349 · Owasp · Owasp Modsecurity Core Rule Set
Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set CRS version 3.0.2 Description: An issue was discovered where the use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules. This occurs because PHP automatically transforms dots into...
ACDSee Free User Mode Write Access Conflict Vulnerability (CNVD-2019-24224)
ACDSee is an image manager, viewer and editor program for Windows, macOS and iOS developed by ACD Systems International. ACDSee Free is the free version of ACDSee. ACDSee Free 1.1.21 suffers from a user mode write access conflict vulnerability starting at...
CVE-2019-13251
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000c47ff...
CVE-2019-13250
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9c2f...
CVE-2019-13151
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi exploitable with authentication via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin...
CVE-2019-13128
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 exploitable with Authentication via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings...
Foxit Reader Privilege Escalation Vulnerability - Mac OS X
Foxit Reader is prone to multiple vulnerabilities. CPE = "cpe:/a:foxitsoftware:reader";...
Prototype Pollution
Overview Versions of set-value prior to 3.0.1 or 2.0.1 are vulnerable to Prototype Pollution. The set function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...
Google Releases Open Source Tool For Computational Privacy
Google is releasing a new open-source cryptographic tool aimed at boosting privacy around sensitive data sets. The tool, called Private Join and Compute, is designed to help companies who are working together with confidential data sets. Private Join and Compute, allows companies to share data in...
@idearium/cli (>=1.0.0 <=4.3.0-beta.0), @stoplight/command (>=0.0.11-1 <=0.0.24) +27 more potentially affected by CVE-2019-10747 via set-value (=3.0.0)
set-value NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on set-value and may be impacted: - @idearium/cli =1.0.0, =0.0.11-1, =0.0.11-29, =0.0.11-1, =0.0.11-1, =0.0.11-1, =0.0.18, =0.0.11-1, =0.0.11-1, =0.0.11-30, =0.0.11-1, =0.0.18,...
Prototype Pollution
Overview set-value is a package that creates nested values and any intermediaries using dot notation 'a.b.c' paths. Affected versions of this package are vulnerable to Prototype Pollution. The function set-value could be tricked into adding or modifying properties of Object.prototype using any of...
CVE-2012-6711
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, ma...
PT-2019-2955 · Netwide +2 · Netwide Assembler +2
Name of the Vulnerable Software and Affected Versions: Netwide Assembler NASM versions 2.14.xx Description: The issue is related to a NULL pointer dereference in the libnasm.a component of the Netwide Assembler NASM. This can be triggered when the "%pragma limit" is mishandled, specifically in th...